Re: [AMaViS-user] First public pre-release (-pre2) of

01-24-2007
Mark Martinec
 

> > I run p0f-analyzer.pl on my MX host and amavisd-new on another host, is
> > this a security problem because p0f-analyzer does not bind to loopback
> > interface?

>
> No, it is not a security problem, just nice to have.
>
> There is already a restriction in p0f-analyzer.pl (the list @inet_acl)
> which discards all requests not coming from 127.0.0.1 (or whatever
> IP addresses are listed in @inet_acl).
>
> What is important is that p0f-analyzer.pl does not enter a
> tight loop (unnecessarily wasting resources) if it happens
> that a p0f program (piped to it) would crash or is manually killed.


I should add:

since you are running p0f-analyzer.pl on a separate host, it should
not bind only to a loopback interface. You need to specify:
$bind_addr = '0.0.0.0';
to let it bind to all interfaces, as before.

The list @inet_acl already restricts to which IP addresses
p0f-analyzer.pl is willing to reply. If some third-party
host in your networks is spoofing the source IP address in
a UDP request, then one of the listed hosts in @inet_acl
may be receiving unsolicited replies from p0f-analyzer.pl,
which may pose a small risk of DoS. Such an attack is only
possible from within your own networks, as a firewall or
a router should already be discarding packets with your
own network address coming from outside.

Mark
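
The arrangement discussed in this post, as an added Perl sketch that is not part of the original message and is not p0f-analyzer.pl's own code: a UDP responder bound to all interfaces that answers only datagrams whose source address appears in an access list. Only `$bind_addr` and `@inet_acl` are names from the post; the port, the listed addresses, the helper names and the reply text are constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration, not code from p0f-analyzer.pl.
use strict;
use warnings;
use IO::Socket::INET;
use Socket qw(unpack_sockaddr_in inet_ntoa);

my $bind_addr = '0.0.0.0';                 # all interfaces, as in the post
my $port      = 12345;                     # constructed port for this sketch
my @inet_acl  = qw(127.0.0.1 192.0.2.10);  # constructed list of permitted clients

# True if the datagram's claimed source address is on the list.
sub acl_permits {
    my ($src_ip, @acl) = @_;
    return scalar grep { $_ eq $src_ip } @acl;
}

# Handle one datagram; returns 'reply' or 'discard' so the decision can be logged.
sub handle_datagram {
    my ($sock, $peer, $query) = @_;
    my (undef, $packed_ip) = unpack_sockaddr_in($peer);
    my $src_ip = inet_ntoa($packed_ip);
    unless (acl_permits($src_ip, @inet_acl)) {
        warn "discarded request from $src_ip (not in \@inet_acl)\n";
        return 'discard';
    }
    # UDP has no handshake: $src_ip is whatever the sender wrote into the
    # IP header, and the reply goes to that address whether or not the
    # host behind it actually sent the request.
    $sock->send("constructed reply to: $query", 0, $peer);
    warn "replied to $src_ip\n";
    return 'reply';
}

my $sock = IO::Socket::INET->new(
    LocalAddr => $bind_addr,
    LocalPort => $port,
    Proto     => 'udp',
) or die "cannot bind $bind_addr:$port: $!";

# recv() blocks until a datagram arrives, so the loop does not spin.
while (1) {
    my $query = '';
    my $peer  = $sock->recv($query, 1024);
    defined $peer or die "recv failed: $!";
    next unless length $peer;              # no sender address available
    chomp $query;
    handle_datagram($sock, $peer, $query);
}
```

The bind address decides which interfaces accept datagrams, while the list decides which claimed senders get an answer. The list check alone cannot tell a genuine client from a packet carrying a listed address as its source, which is why the post relies on the firewall or router dropping such packets at the network edge.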
